Enable firewall
This tool is a bash script. Its main function is to enable the firewall and increase the security of intranet access.
If your machines run in a purely intranet environment, there is no need to turn on the firewall.
Usage method
For the ports that the product needs to expose, refer to the Service port description.
Parameter name | Type | Example | Description |
---|---|---|---|
server_ips | string | "172.17.72.231 172.17.72.232" | Multiple IPs are separated by spaces |
lb_ips | string | "172.17.72.231" | The load balancer address; it can only be an IP address |
tcp_ports | string | 22 8080 8082 | TCP ports to open; multiple ports are separated by spaces |
udp_ports | string | 8472 53 | UDP ports to open; multiple ports are separated by spaces |
docker_range | string | "173.0.0.0/8" | The default docker network segment; generally does not need to be modified |
cni_range | string | "10.244.0.0/8" | The default k8s CNI network segment; generally does not need to be modified |
Download firewall script
https://docs-res.laiye.com/production/docs-res/private-deployment/zh/v6.0.0/public/EnableFirewalld.sh
Modify the address information in the script to the actual addresses
Generally, only server_ips, lb_ips and tcp_ports need to be modified.
vim EnableFirewalld.sh
Run script
Input: bash EnableFirewalld.sh
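A pre-flight check for the edited values, to be run before the script; this is an added example and not part of EnableFirewalld.sh or the vendor's documentation. The variable names and sample values come from the parameter table; the helper functions, the rule that every list must be non-empty, and the port 22 warning (which assumes SSH listens on its default port) are assumptions of the example.

```bash
# Added example, not part of EnableFirewalld.sh. Sample values are the ones
# shown in the parameter table; replace them with the values you edited in.
server_ips="172.17.72.231 172.17.72.232"
lb_ips="172.17.72.231"
tcp_ports="22 8080 8082"
udp_ports="8472 53"
docker_range="173.0.0.0/8"
cni_range="10.244.0.0/8"

# in_range N MIN MAX: N is 1-5 decimal digits and MIN <= N <= MAX.
in_range() {
  case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}
# is_ipv4 ADDR: exactly four dot-separated octets, each 0-255 (no hostnames).
is_ipv4() {
  case $1 in *[!0-9.]*|*.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
  rest=$1.
  while [ -n "$rest" ]; do
    in_range "${rest%%.*}" 0 255 || return 1
    rest=${rest#*.}
  done
}
# is_cidr NET/LEN: IPv4 address plus prefix length 0-32 (syntax check only).
is_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  is_ipv4 "${1%/*}" && in_range "${1##*/}" 0 32
}
is_port() { in_range "$1" 1 65535; }
# check_list FN "a b c": the list is non-empty (assumption of this example)
# and every space-separated item passes FN; each bad item is reported.
check_list() {
  set -f; bad=0; count=0          # set -f: never glob-expand an item
  for item in $2; do
    count=$((count + 1))
    "$1" "$item" || { echo "invalid value: $item" >&2; bad=1; }
  done
  set +f
  [ "$count" -gt 0 ] && [ "$bad" -eq 0 ]
}

# validate_params: returns 0 only if every setting is well-formed.
validate_params() {
  check_list is_ipv4 "$server_ips" && check_list is_ipv4 "$lb_ips" &&
    check_list is_port "$tcp_ports" && check_list is_port "$udp_ports" &&
    check_list is_cidr "$docker_range" && check_list is_cidr "$cni_range" || return 1
  # Assumes sshd is on its default port: warn before it gets closed off.
  case " $tcp_ports " in *" 22 "*) ;; *) echo "warning: 22 not in tcp_ports" >&2 ;; esac
}
```

Call validate_params after substituting your own values and run the firewall script only if it returns 0; a comma-separated list or a hostname in lb_ips is reported as an invalid value.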